Technology blog

Cybersecurity Threat Landscape: Emerging threats and Mitigating Risks in 2024

Cybersecurity threats are rapidly evolving as new threats and sophisticated cybercriminal strategies emerge, creating significant challenges for organizations and the public.

According to the Kaspersky Incident Response Analyst Report 2023, 75% of cyberattack attempts exploited Microsoft Office, with the most common infection vectors being publicly available applications and compromised accounts. Attackers frequently use stolen credentials to conduct remote desktop protocol (RDP) attacks, phishing emails, and malicious files mimicking document templates.

Although attack attempts dropped by 36% in Q1 of 2023 compared to 2022, ransomware and cybersabotage remain the most significant threats.
“Governments were the most prolific target by threat actors followed distantly by manufacturing and financial institutions with the largest cyberthreat risk being ransomware and cybersabotage,” said Igor Kuznetsov, Director, Global Research & Analysis Team (GReAT) at Kaspersky.

Ransomware-as-a-Service (RaaS) has become a prominent trend, with cybercriminals operating like businesses, using affiliates to carry out attacks. Igor dispels three myths: cybercriminals aren’t just IT-educated criminals, ransomware targets aren’t pre-selected, and gangs don’t act alone. RaaS involves collaboration among various specialized actors, from access resellers to negotiators, making ransomware attacks increasingly sophisticated.

“Ultimately, affected organizations must not pay a ransom which will perpetuate and enable more cybercrime,” said Igor. “Victims can often recover their data without paying. Kaspersky maintains a vault of keys and tools to decrypt data locked by various ransomware families. Since 2018, over 1.5 million users worldwide have successfully recovered their data using these resources.”

Supply chain attacks, particularly those involving containerized systems running on open-source software, present another major threat. “Containerized systems often rely on numerous third-party dependencies, introducing significant supply chain risks from both malicious intent and unintentional flaws,” explains Igor. He cites two examples: “The Crowdstrike event caused an outage on millions of devices, demonstrating how a faulty update can have widespread impact.

Additionally, a less publicized attack on XZ Linux utilities could have compromised millions of SSH-enabled devices.”

More information can be found at Kaspersky

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

The company’s comprehensive security portfolio includes leading endpoint protection, specialised security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

 

Tech and Teen

Recent Posts

Mohammad Shahjalal elected as the Chairman of eGeneration PLC

Mohammad Shahjalal has been unanimously elected as the Chairman of eGeneration PLC in the Board…

3 weeks ago

GIGABYTE Announces AORUS Z890 Motherboards Now Available, Unlocking AI-Enhanced Performance with D5 Bionic Corsa

GIGABYTE, the world’s leading computer brand, proudly announces that the AORUS Z890 series motherboards are…

3 weeks ago

PriyoShop recognised as a Semi-finalist in Supernova Challenge 2024

The Supernova Challenge is the biggest pitch competition based in Dubai, cohorting the Middle East,…

3 weeks ago

University of Information Technology and Sciences (UITS) Submits Application of ‘Intent to Apply’ for BAC Accreditation

The University of Information Technology and Sciences (UITS) Institutional Quality Assurance Cell (IQAC) submitted applications…

3 weeks ago

Banglalink Introduces Exciting Value Back Offers on iPhone 16 Series

Banglalink, the country’s innovative digital operator, is here with exclusive offers on the newest iPhone…

3 weeks ago

Kaspersky uncovers new Grandoreiro light variant

Despite the arrest of important operators in early 2024, Grandoreiro continues to be used by…

3 weeks ago